Navigation on Security Ligue

Content navigation

The wake-up call has been overheard

Nov 02, 2017 11:30 AM
Image caption:

Security Threats Germany, October 2017 by German Business Protection

Berlin, October 24th 2017  

The attack by the malware "WannaCry" in May 2017 had the potential to be an all-round wake-up call. Unfortunately today, we must realise that these attacks are still not taken seriously by both companies and the government. Up to 90 million euros of the federal budget are set aside for this issue, even though losses are estimated to amout to around 60 billion euros in Germany each year – with an upward trend. The Federal Office for Information Security (BSI) isn’t in much better shape; the office has to make do with barely 700 employees. The relevant federal authorities’ resources are even scarcer - on average, only two employees per federal state are dealing with the broad field of industrial espionage.

Companies are mainly using technology from the late 1990s to deter today's attacks, such as anti-virus programs and firewalls. The WannaCry incidence has proven that these measures do not provide adequate protection against attackers. The aggressors are criminal gangs who try to blackmail companies and can cause a lot of damage. For certain states that are actively involved in cyber espionage, the virtual world offers not only financial gain but also a good opportunity to get their hands on corporate secrets. Such attacks can lead to the collapse of the entire IT infrastructure, may this be a side effect or the ultimate objective. In an increasingly automated world, this could in turn have serious consequences for companies and, in case of a widespread attack, even for a whole economy.

The liability risks for executives of affected companies are increasing as well. IT security has become an integral part of compliance. If a board violates regulatory requirements, it can lead to immense liability claims. Without adequate IT security, it is now impossible to comply with official regulations. At the same time, it has become apparent that digital competency at the top level of German companies is a rare occurrence - the mere participation in the public discussion of any kind of "digitisation" will not suffice in the long run. It is high time for boards and management to recognise this and to pay more attention to the digital security of their companies.

Further informations